Get AD group membership for computer in another domain

Hi,

I need to create a script, which has to run also on computers which don’t have the ActiveDirectory Module installed. So I am using ADSISearcher instead of the usual AD cmdlets.
My goal is to get the MemberOf contents of computers. My company has multiple domains, which are all trusted. Since the computer might be in a different domain, I am searching the global catalogue (GC://) and not LDAP.
Here is what I have so far:

$root = [ADSI]("GC://DC=forest,DC=com")
$search = [adsisearcher]$root
$search.filter = "(&(objectclass=computer)(cn=computername))"
$object = $search.findone()
$computer = $object.getdirectoryentry()
$computer.memberof

This woks fine if the computer is in the same domain as me. The membership is listed correctly.
But when the computer is in one of the other domains, I get to see only the universal groups where the PC is a member of, but not the other groups (domain local, global).
Any ideas how to see the complete membership?

Hi deiandrei,

I found this article to be very usefull when I had the same problem of getting users

http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/10/use-powershell-to-find-user-profiles-on-a-computer.aspx

Hope it helps

Hmmm…I’m not sure I can follow your advice.
I am talking about Active Directory and your link is talking about local users/groups.

So you’re looking to get a list of all the active directory users on the different domains?

No sir. I never mentioned this.
I want to get the AD group membership of certain computers. My problem is that I can’t get the complete membership when the computer is in a different domain than I am.

I’m sorry for misunderstanding your question.